ComboFix 09-11-23.06 - Tinker 11/24/2009 15:28.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1123 [GMT -6:00]
Running from: c:\documents and settings\Tinker\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.
2009-11-24 17:48 . 2009-11-24 17:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-24 17:48 . 2009-11-24 17:48 152576 ----a-w- c:\documents and settings\Tinker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 17:47 . 2009-11-24 17:47 79488 ----a-w- c:\documents and settings\Tinker\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 17:44 . 2008-07-14 11:09 205560 ----a-w- c:\windows\UNBOC.EXE
2009-11-24 17:44 . 2008-07-14 11:09 212728 ----a-w- c:\windows\CMDLIC.DLL
2009-11-23 15:27 . 2009-11-23 15:27 -------- d-----w- c:\documents and settings\Tinker\Local Settings\Application Data\MyPorts
2009-11-16 00:07 . 2009-11-21 20:19 -------- d-----w- c:\program files\MyDefrag v4.2.6
2009-11-15 22:35 . 2009-11-15 22:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-15 22:35 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 22:35 . 2009-11-15 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 22:35 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 19:42 . 2009-11-12 19:42 -------- d-----w- c:\program files\Avanquest update
2009-11-12 05:45 . 2009-11-12 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-12 05:44 . 2009-11-12 05:44 -------- d-----w- c:\program files\Common Files\iS3
2009-11-12 05:44 . 2009-11-12 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-11 18:45 . 2009-11-11 18:45 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-11 18:45 . 2009-11-11 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-11-10 02:27 . 2009-11-10 02:27 -------- d-----w- c:\documents and settings\Tinker\Application Data\Malwarebytes
2009-11-10 02:27 . 2009-11-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 20:05 . 2009-11-08 20:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-08 20:04 . 2009-11-08 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-05 17:17 . 2009-11-09 01:42 -------- d-----w- c:\documents and settings\Tinker\Application Data\Uniblue
2009-11-05 17:17 . 2009-11-09 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 17:58 . 2006-01-15 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-24 17:57 . 2009-01-06 16:17 -------- d-----w- c:\program files\CCleaner
2009-11-24 17:49 . 2004-05-12 14:24 -------- d-----w- c:\program files\Java
2009-11-24 14:59 . 2007-10-16 20:18 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-24 00:25 . 2009-09-08 15:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-24 00:00 . 2009-04-10 13:16 -------- d-----w- c:\documents and settings\Tinker\Application Data\uTorrent
2009-11-23 02:30 . 2009-06-14 23:44 -------- d-----w- c:\documents and settings\Tinker\Application Data\Any Video Converter
2009-11-15 22:08 . 2008-10-11 22:24 -------- d-----w- c:\program files\Motorola
2009-11-15 04:46 . 2009-03-27 13:49 117760 -c--a-w- c:\documents and settings\Tinker\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-15 04:44 . 2009-07-12 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-15 04:43 . 2006-01-04 16:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 05:02 . 2008-10-11 21:46 -------- d-----w- c:\program files\Motorola Phone Tools
2009-11-13 05:02 . 2004-05-13 15:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 05:01 . 2008-10-03 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-11-12 21:50 . 2008-10-11 21:50 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-11-12 15:38 . 2008-04-19 01:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 15:26 . 2009-11-12 15:26 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-10 15:36 . 2004-05-12 15:08 73720 -c--a-w- c:\documents and settings\Tinker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 12:55 . 2008-02-21 23:56 -------- d-----w- c:\program files\Palm
2009-10-27 12:52 . 2006-12-30 00:47 -------- d-----w- c:\program files\dvdSanta
2009-10-08 20:57 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 01:06 . 2007-10-22 15:34 1715 ----a-w- c:\documents and settings\Tinker\Application Data\SAS7_000.DAT
2009-09-25 05:37 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"CallControl 4.5"="c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2002-05-18 122368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-24 149280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 487d68a;487d68a;c:\windows\system32\drivers\487d68a.sys --> c:\windows\system32\drivers\487d68a.sys [?]
S1 SASKUTIL;SASKUTIL;\??\g:\computer-repair-utility-kit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys --> g:\computer-repair-utility-kit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/15/2009 4:35 PM 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Tinker\Application Data\Mozilla\Firefox\Profiles\dlxjobct.default\
FF - prefs.js: browser.search.selectedEngine - AltaVista
FF - prefs.js: browser.startup.homepage - hxxp://www.gpcom.com/
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:5d,91,57,42,70,a0,53,46,f4,5f,25,c0
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-24 15:33
ComboFix-quarantined-files.txt 2009-11-24 21:32
ComboFix2.txt 2009-11-24 20:53
ComboFix3.txt 2009-11-24 20:33
Pre-Run: 87,464,525,824 bytes free
Post-Run: 87,448,231,936 bytes free
Current=6 Default=6 Failed=1 LastKnownGood=3 Sets=1,2,3,6
- - End Of File - - ECFD28BBE42F5CAC85E240C04A41F4D6
MBAM REPORT
Malwarebytes' Anti-Malware 1.41
Database version: 3224
Windows 5.1.2600 Service Pack 3
11/24/2009 5:13:36 PM
mbam-log-2009-11-24 (17-13-36).txt
Scan type: Full Scan (C:\|)
Objects scanned: 158612
Time elapsed: 15 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)